[BACK]Return to MESSAGE CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / pkgsrc / pkgtools / pkg_install

File: [cvs.NetBSD.org] / pkgsrc / pkgtools / pkg_install / MESSAGE (download)

Revision 1.6, Fri Dec 5 14:31:07 2014 UTC (7 weeks, 3 days ago) by schmonz
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4, HEAD
Changes since 1.5: +2 -2 lines

Spell "vulnerabilities" correctly.

$NetBSD: MESSAGE,v 1.6 2014/12/05 14:31:07 schmonz Exp $

You may wish to have the vulnerabilities file downloaded daily so that
it remains current.  This may be done by adding an appropriate entry
to a user's crontab(5) entry.  For example the entry

# download vulnerabilities file
0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1

will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.

In addition, you may wish to run the package audit from the daily
security script.  This may be accomplished by adding the following
lines to /etc/security.local

if [ -x ${PREFIX}/sbin/pkg_admin ]; then
        ${PREFIX}/sbin/pkg_admin audit

Alternatively this can also be acomplished by adding an entry to a user's
crontab(5) file. e.g.:

# run audit-packages
0 3 * * * ${PREFIX}/sbin/pkg_admin audit

Both pkg_admin subcommands can be run as as an unprivileged user,
as long as the user chosen has permission to read the pkgdb and to write
the pkg-vulnerabilities to ${PKGVULNDIR}.

The behavior of pkg_admin and pkg_add can be customised with
pkg_install.conf.  Please see pkg_install.conf(5) for details.

If you want to use GPG signature verification you will need to install
GnuPG and set the path for GPG appropriately in your pkg_install.conf.